diff options
author | Katharina Fey <kookie@spacekookie.de> | 2018-06-28 23:16:28 +0200 |
---|---|---|
committer | Katharina Fey <kookie@spacekookie.de> | 2018-06-28 23:16:28 +0200 |
commit | df23d3dc3c028ebce6e8185f3d6578f48de38290 (patch) | |
tree | cef2932b0953e51c4b9031ed2451e05122e01649 /lockchain-core/src | |
parent | eb62b89c0d53dc4bb0fe9fd5a1a337289ea4ab53 (diff) |
Changing lockchain-core::crypto to keybob keys. then updating all
references in lockchain-crypto to use it instead.
Diffstat (limited to 'lockchain-core/src')
-rw-r--r-- | lockchain-core/src/crypto.rs | 12 | ||||
-rw-r--r-- | lockchain-core/src/crypto/keys.rs | 48 | ||||
-rw-r--r-- | lockchain-core/src/crypto/mod.rs | 20 | ||||
-rw-r--r-- | lockchain-core/src/lib.rs | 4 | ||||
-rw-r--r-- | lockchain-core/src/prelude.rs | 0 | ||||
-rw-r--r-- | lockchain-core/src/users.rs | 38 | ||||
-rw-r--r-- | lockchain-core/src/users/auth.rs | 42 |
7 files changed, 103 insertions, 61 deletions
diff --git a/lockchain-core/src/crypto.rs b/lockchain-core/src/crypto.rs deleted file mode 100644 index 3bba5a2..0000000 --- a/lockchain-core/src/crypto.rs +++ /dev/null @@ -1,12 +0,0 @@ -//! Shared cryptographic primitives for the lockchain ecosystem -//! -//! This is a secure storage vault after all, we need some -//! shared crypto helpers for all the other crates :) - -mod keys; -mod utils; -mod data; - -pub use self::keys::{Key, KEY_LENGTH}; -pub use self::data::PackedData; -pub use self::utils::*;
\ No newline at end of file diff --git a/lockchain-core/src/crypto/keys.rs b/lockchain-core/src/crypto/keys.rs deleted file mode 100644 index 6211851..0000000 --- a/lockchain-core/src/crypto/keys.rs +++ /dev/null @@ -1,48 +0,0 @@ -//! A module that handles key generation and key loading - -use traits::AutoEncoder; -use super::utils::{hashing, random}; - -/// A shared key length parameter for all cryptographic operations -/// -/// This is *not* ideal and should be replaced with something better -/// at some point in the future -pub const KEY_LENGTH: usize = 64; - -/// A wrapper to represent a key for encryption -#[derive(Debug, Serialize, Deserialize, Eq, PartialEq, Clone)] -pub struct Key { - pub data: Vec<u8>, -} - -impl AutoEncoder for Key {} - -impl Key { - - /// Create a new key from scratch - pub fn generate() -> Key { - let data = random::bytes(KEY_LENGTH); - Key { data: data } - } - - /// Use a password as a key - pub fn from_password(password: &str, salt: &str) -> Key { - let hashed = hashing::blake2(password, salt); - let mut vec: Vec<u8> = Vec::new(); - for b in &hashed { - vec.push(b.clone()); - } - Key { data: vec } - } - - pub fn to_vec(&self) -> Vec<u8> { - self.data.clone() - } - - /// Used to get the raw data from this key, as a slice copy - pub fn to_slice(&self) -> [u8; KEY_LENGTH] { - let mut slice: [u8; KEY_LENGTH] = [0; KEY_LENGTH]; - slice.clone_from_slice(&self.data); - slice - } -} diff --git a/lockchain-core/src/crypto/mod.rs b/lockchain-core/src/crypto/mod.rs new file mode 100644 index 0000000..cbc9fb7 --- /dev/null +++ b/lockchain-core/src/crypto/mod.rs @@ -0,0 +1,20 @@ +//! Shared cryptographic primitives for the lockchain ecosystem +//! +//! This is a secure storage vault after all, we need some +//! shared crypto helpers for all the other crates :) + +mod data; +mod utils; + +/// We re-export keybob's API here +mod keys { + use traits::AutoEncoder; + pub use keybob::{Key, KeyType}; + + impl AutoEncoder for Key {} + impl AutoEncoder for KeyType {} +} + +pub use self::data::PackedData; +pub use self::keys::{Key, KeyType}; +pub use self::utils::*; diff --git a/lockchain-core/src/lib.rs b/lockchain-core/src/lib.rs index d9b90ef..465f145 100644 --- a/lockchain-core/src/lib.rs +++ b/lockchain-core/src/lib.rs @@ -12,13 +12,15 @@ extern crate bcrypt; extern crate base64; extern crate blake2; extern crate rand; +extern crate keybob; pub mod errors; pub mod traits; pub mod crypto; +pub mod users; mod meta; mod record; pub use self::crypto::PackedData; pub use self::record::{Header, Payload, Record, EncryptedBody}; -pub use self::meta::{MetaDomain, VaultMetadata};
\ No newline at end of file +pub use self::meta::{MetaDomain, VaultMetadata}; diff --git a/lockchain-core/src/prelude.rs b/lockchain-core/src/prelude.rs deleted file mode 100644 index e69de29..0000000 --- a/lockchain-core/src/prelude.rs +++ /dev/null diff --git a/lockchain-core/src/users.rs b/lockchain-core/src/users.rs new file mode 100644 index 0000000..34bcd42 --- /dev/null +++ b/lockchain-core/src/users.rs @@ -0,0 +1,38 @@ +//! User and access regulation module +//! +//! + +mod auth; +pub use self::auth::Token; + +use traits::AutoEncoder; + +/// Specifies access to a resource +#[derive(Serialize, Deserialize)] +pub enum Access { + /// Allows access to vault metadata & index files + Vault(String), + /// Allows access to a record resource inside a vault + Record(String, String), +} + +/// Specifies the capabilities of a user +#[derive(Serialize, Deserialize)] +pub enum Role { + Reader, + Editor, + Admin, +} + +/// A generic user representation +#[derive(Serialize, Deserialize)] +pub struct User { + id: u64, + name: String, + pw_hash: String, + pw_salt: String, + role: Role, + access: Vec<Access>, +} + +impl AutoEncoder for User {} diff --git a/lockchain-core/src/users/auth.rs b/lockchain-core/src/users/auth.rs new file mode 100644 index 0000000..e6e4854 --- /dev/null +++ b/lockchain-core/src/users/auth.rs @@ -0,0 +1,42 @@ +use crypto::random; + +const TOK_SIZE: usize = 64; + +/// An authentication token that can be compared in constant time +/// +/// ``` +/// +/// use lockchain_core::users::auth::Token; +/// let t1 = Token::new(); +/// let t2 = Token::new(); +/// +/// // Will fail, but no expose failure length +/// assert_eq!(t1, t2); +/// ``` +pub struct Token { + tok: [u8; TOK_SIZE], +} + +impl Token { + pub fn new() -> Self { + let v = random::bytes(TOK_SIZE); + let mut tok = [0; TOK_SIZE]; + tok.copy_from_slice(v.as_slice()); + + Self { tok } + } +} + +impl PartialEq for Token { + fn eq(&self, other: &Self) -> bool { + let mut ret = true; + for i in 0..TOK_SIZE { + if self.tok[i] != other.tok[i] { + ret = false; + } + } + ret + } +} + +impl Eq for Token {} |